- 09 September 2016
- Privacy and Data Protection
Following on from the case reported last month on data protection (”Failing to anonymise – the cost”), a nursing home in Northern Ireland has received a fine of £15,000 from the Information Commissioner’s Office (“ICO”), following the burglary of the home of one of its staff members.
During the burglary, an unencrypted work laptop was stolen. The laptop contained sensitive personal data, including medical information, on the nursing home’s 29 residents (including “do not resuscitate” orders) and personal data on the 46 members of staff.
The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices. Data security training was also found to be lacking. In issuing the fine, the ICO said there had been “systematic failings” at the nursing home.
The fine was issued despite the nursing home referring themselves to the ICO, no complaints being made by any of the staff or residents’ families and no confirmation that the information had been further disseminated. In determining the level of the fine, the nursing home received some credit for having self-reported its breach to the ICO.
The ICO’s subsequent investigation found the nursing home had no policies in place regarding the use of encryption, working from home and the storage of mobile devices.
The amount of the fine reflected the size of the business, with the ICO stating that a bigger organisation experiencing a similarly serious breach should expect to receive a much larger fine. The case therefore acts as a timely reminder that all businesses must take their legal duties to look after personal data seriously and should ensure adequate policies, procedures and equipment are in place. Simply having a work laptop password protected will not fulfil this duty.
For useful data protection factsheets, checklists and templates, please visit employmentbuddy.com
For further advice on how to protect your business against data protection and privacy claims, please contact our employment lawyers on firstname.lastname@example.org
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
Read, listen and watch our latest insights
- 03 October 2023
Proposed Reforms To The Arbitration Act 1996
The Law Commission has published its Final Report (the Report) on proposed reforms to the Arbitration Act 1996 (the Act).
- 27 September 2023
10 top tips for negotiating a redundancy settlement agreement
In today’s financial market, redundancies are unfortunately becoming a reality for many businesses and employees.
- 22 September 2023
Talking Employment Law: New family friendly rights
In this first podcast in the ‘Talking Employment Law’ series, Lucy Densham Brown and Rebecca Dowle, members of the employment team summarise some of the big new family-friendly Bills that are working their way through parliament.
- 21 September 2023
Immigration Fees Surcharge – 04 October 2023
The Government has published details of the previously announced increase to visa and sponsorship fees, with the aim of increasing revenue across a range of immigration and nationality visa pathways and associated services.
- 20 September 2023
- Commercial Real Estate
Is your property mixed use? Commercial buyers beware of higher residential SDLT
This article discusses a recent case in which a property buyer calculated the Stamp Duty Land Tax due on the purchase at a lower rate, due to the mixed-use purpose of the property.
- 19 September 2023
- Privacy and Data Protection
Organisations’ use of social media: Data protection
Social media applications (or commonly known as ‘apps’) are being developed all the time and we are constantly being introduced to new social media platforms, some of which take almost no time to gain huge popularity.